IN THE CLAIMS 

1. (Currently amended) A method of generating a representation of an access control list, 
the representation being utilizable in a processor, the method comprising the steps of: 

determining a plurality of rules of the access control list, each of at least a subset 
of the rules having a plurality of fields and a corresponding action; and 

processing the rules to generate a multi-level tree representation of the access 
control list, each of one or more of the levels of the tree representation being associated with a 
corresponding one of the fields; 

wherein at least one level of the tree representation other than a root level of the 
tree representation comprises a plurality of nodes, with at least two of the nodes at that level each 
having a separate matching table associated therewith, each of the separate matching tables 
associated with that level comprising one or more entries each specifying a set of one or more 
values for the field associated with that level and each of the separate matching tables associated 
with that level corresponding to a different set of one or more values, for another field, specified 
by a respective one of a plurality of entries of another matching table associated with another 
level of the tree representation. 

2. (Original) The method of claim 1 wherein the matching table comprises a longest 
prefix matching (LPM) table. 

3. (Original) The method of claim 1 wherein the plurality of fields comprises at least first 
and second fields, the first field comprising a source address field and the second field 
comprising a destination address field. 

4. (Original) The method of claim 1 wherein a final level of the tree representation 
comprises a plurality of leaf nodes, each associated with one of the actions of the plurality of 
rules. 



5. (Original) The method of claim 1 wherein the root level of the tree representation 
includes a plurality of field values, each corresponding to a distinct source address in a first field 
of the plurality of rules. 

6. (Original) The method of claim 5 wherein a second level of the tree representation 
includes a plurality of nodes, each being associated with a subtree of a given one of the distinct 
source addresses of the root level of the tree. 

7. (Original) The method of claim 6 wherein a given one of the second level subtrees 
identifies one or more destination addresses to be examined if the corresponding root level 
source address matches a source address of a given received packet. 

8. (Original) The method of claim 1 wherein a matching table at a given level of the tree 
representation other than a root level of the tree representation comprises at least a portion of a 
subtree identified by a particular field value from an immediately previous level. 

9. (Original) The method of claim 1 wherein the tree representation is generated by 
associating a first node at the root level with a given value in a first field of one of the plurality 
of rules, and then processing remaining field values sequentially, with each value in turn being 
compared to one or more existing values at the appropriate node(s) of the tree representation to 
determine if a match exists, and associating that value with a matching table at one of the nodes 
of the tree representation based at least in part on the determination. 

10. (Original) The method of claim 1 wherein at each of at least a subset of the nodes of 
the tree representation having a separate matching table associated therewith, values in the 
matching table are arranged in order of decreasing specificity. 

11. (Original) The method of claim 1 wherein the corresponding actions include at least 
an accept action and a deny action. 

12. (Original) The method of claim 1 further including the step of storing at least a 
portion of the tree representation in memory circuitry accessible to the processor. 

13. (Original) The method of claim 1 further including the step of utilizing the stored tree 
representation to perform an access control list based function in the processor. 

14. (Original) The method of claim 13 wherein the access control list based function 
comprises packet filtering. 

15. (Currently amended) An apparatus configured for performing one or more processing 
operations utilizing a representation of an access control list, the access control list comprising a 
plurality of rules, each of at least a subset of the rules having a plurality of fields and a 
corresponding action, the apparatus comprising: 

a processor having memory circuitry associated therewith; 

the memory circuitry being configured for storing at least a portion of a multi- 
level tree representation of the access control list, each of one or more of the levels of the tree 
representation being associated with a corresponding one of the fields; 

the processor being operative to utilize the stored tree representation to perform 
an access control list based function; 

wherein at least one level of the tree representation other than a root level of the 
tree representation comprises a plurality of nodes, with at least two of the nodes at that level each 
having a separate matching table associated therewith, each of the separate matching tables 
associated with that level comprising one or more entries each specifying a set of one or more 
values for the field associated with that level, and each of the separate matching tables associated 
with that level corresponding to a different set of one or more values, for another field, specified 
by a respective one of a plurality of entries of another matching table associated with another 
level of the tree representation. 

16. (Original) The apparatus of claim 15 wherein the access control list based function 
comprises packet filtering. 

17. (Original) The apparatus of claim 15 wherein the memory circuitry comprises at least 
one of internal memory and external memory of the processor. 

18. (Original) The apparatus of claim 15 wherein the processor comprises a network 
processor. 

19. (Original) The apparatus of claim 15 wherein the processor is configured as an 
integrated circuit. 

20. (Currently amended) An article of manufacture comprising a machine-readable 
storage medium having program code stored thereon, the program code generating a 
representation of an access control list, the representation being utilizable in a processor, wherein 
the program code when executed implements the steps of: 

determining a plurality of rules of the access control list, each of at least a subset 
of the rules having a plurality of fields and a corresponding action; and 

processing the rules to generate a multi-level tree representation of the access 
control list, each of one or more of the levels of the tree representation being associated with a 
corresponding one of the fields; 

wherein at least one level of the tree representation other than a root level of the 
tree representation comprises a plurality of nodes, with at least two of the nodes at that level each 
having a separate matching table associated therewith, each of the separate matching tables 
associated with that level comprising one or more entries each specifying a set of one or more 
values for the field associated with that level and each of the separate matching tables associated 
with that level corresponding to a different set of one or more values, for another field, specified 
by a respective one of a plurality of entries of another matching table associated with another 
level of the tree representation. 
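
The two-level structure recited in claims 1, 5 to 7 and 10 can be sketched as follows; this is an added illustration, not part of the claims or the application. Assumptions: IPv4 prefixes, a linear scan over entries sorted by decreasing prefix length standing in for an LPM table, most-specific-match semantics with a default deny, copying of entries from covering source prefixes into more specific source nodes (not recited in the claims), and hypothetical names (RULES, build_tree, lookup).

```python
import ipaddress

# Constructed sample ACL: (source prefix, destination prefix, action).
RULES = [
    ("10.1.0.0/16", "192.168.1.0/24", "deny"),
    ("10.1.0.0/16", "0.0.0.0/0", "accept"),
    ("10.0.0.0/8", "192.168.0.0/16", "accept"),
    ("0.0.0.0/0", "0.0.0.0/0", "deny"),
]

def _by_specificity(table):
    # Longest prefix first, so the first hit in a scan is the LPM result.
    return sorted(table.items(), key=lambda kv: kv[0].prefixlen, reverse=True)

def build_tree(rules):
    """Root level: source prefixes. Second level: one separate destination
    table per distinct source prefix, each entry carrying a leaf action."""
    root = {}
    for src, dst, action in rules:
        node = root.setdefault(ipaddress.ip_network(src), {})
        node.setdefault(ipaddress.ip_network(dst), action)  # first rule wins
    # Assumption (not in the claims): copy entries from covering source
    # prefixes so that one root match followed by one second-level match
    # is enough; more specific sources take precedence on conflicts.
    ordered = _by_specificity(root)
    for src, node in ordered:
        for other, other_node in ordered:
            if other != src and src.subnet_of(other):
                for dst, action in list(other_node.items()):
                    node.setdefault(dst, action)
    return [(src, _by_specificity(node)) for src, node in ordered]

def lookup(tree, src_ip, dst_ip, default="deny"):
    """Match the source at the root, then the destination in the table
    attached to the matched source node; return the leaf action."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_table in tree:
        if src in src_net:
            for dst_net, action in dst_table:
                if dst in dst_net:
                    return action
            return default
    return default

TREE = build_tree(RULES)
```

Each distinct source prefix ends up with its own destination table, which is the "separate matching table" per second-level node; a packet filter calls lookup(TREE, src, dst) per packet.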